Posted
by
Hemos
on Tuesday August 28, 2001 @12:30PM
from the adapting-to-the-future dept.

jeffy124 writes "With the world moving towards having every device under the sun being Internet-connected, is the Internet going to be too large? This article off CNN.com examines this potential situation. They look into the problems of switching networks from IPv4 to IPv6, and the inclusion of inter-operability between the two. Benefits of moving to IPv6 are looked at, but so are the critics of it who point out that if we don't have a problem now, why fix it? While low on technical details, the story points out that not many systems out there currently support IPv6. "

If IPv6 is properly administered, DNS (per se) will cease to exist. IP addresses will be dynamically assigned, be transitory, and be mobile.

In consequence, there will be no real point in a DNS system, as it exists today. There would be no way a centralized system could keep up with the changes.

With IPv6, I suspect you'll find that DNS is replaced with self-identifying systems, using the Anycast protocol. Each machine would then be responsible for knowing what it was called, at that time. (Which sounds reasonable to me!)

We haven't seen that, so far, because Anycasting is still too new and few existing IPv6 stacks support it. However, when IPv6 starts getting seriously used, it could become the most important protocol of all.

Let's see - DNS lets you type in slashdot.org and get an IPv4 or IPv6 address. Anycast lets you type in a long hexadecimal IPv6 address in your browser bar. Why do you think Anycast could ever replace DNS? It may well be used in some niches, e.g. to talk to a server farm, but it's not going to be relevant and will never replace DNS.

Doesn't work that way with IPv6. IPv6 uses a system whereby the provider announces a prefix to the device, and the device then attaches whatever number it likes to that prefix. If another device attaches to that first device, then that first device announces the prefix it got, PLUS the first 1-2 bytes of whatever it added, as the new prefix.

The theory behind all this is that you can then move a device from one network to another, without ever having to worry about routing problems, IP numbers colliding, or other such mundane trivia.

"Permanent" addresses, in this system, don't exist. They're all calculated.

How does this work, in practice?

Well, let's say that Joe Bloggs is connected to AOL. AOL decides that the backbone provider it uses can get stuffed, and switches. This changes all of AOL's addresses, and therefore Joe Bloggs' address.

However, because addresses have a lifetime attached to them, the old address remains active (although forwarded) for a finite length of time, although new connections to the old address are prohibited.

Because of this, it makes no sense for some central registry to store AOL's IP number. It can change once every 60 seconds, along with the IP address of everyone/everything connected via it.

The only person who can meaningfully store AOL's IP address becomes AOL, itself. Nobody else can possibly know it, with any reliability.

Normally, ISPs and large corporations aren't going to flip around like that. But they -can-. The protocol permits it. Because of that, and because uptime is increasingly important, they will then be able to shop for a secondary provider for a backup link, in case the first one dies.

In IPv4, a backup link via an alternative provider would be lethal. There would be no way to handle the changes in addressing, unless the entire ISP or company was behind a NAT system with High Availability at the IP level, which causes its own problems.

With IPv6, the change-over would take under 5 seconds for the whole of AOL. Nobody would notice the delay, nobody would get disconnected, and the whole setup is much simpler.

The point of having a static address is so that one machine can be found by others. You have to have some fixed address in order to describe who it is you're connecting to.

Imagine the havoc that would pass if area codes in telephone numbers could change on a moment's notice. Take away the phone book too, since you think DNS is unneeded. (Works fine for calling out, since in that case you don't care what your number is. But who are you going to call, exactly?)

If there is no way for anyone else to determine what a given server's address is, then there's no way anyone else can connect to it.

In reality each "entity" be it a megacorp or a measly dialup user, will be given 80 bits worth of routable address. 16 bits of that they can use for subnets. Only the 48 starting bits are really "fixed". The 128 bit addressing scheme is really an attempt to get everyone tons of "static" routable addresses.

And there will of course be a name-to-address mapping similar to what DNS does now. The simple reason is that no one is going to type in a huge monster address when they want to hit a web page.

The only "workable" solution is to do an "Anycast". You send out the name of the machine you are looking for, and it would be the job of the recipient to send back the current valid IP address.

(Of course, this would be extremely easy to spoof, if you weren't also using IPSEC and machine authentication to validate the connection.)

This negates any need for a fixed destination. It =does= result in far more peer-to-peer traffic, removes ALL centralized control, and requires Anycasting to be implemented fully on all stacks, but it DOES kill off ICANN, and that can't be a bad thing.

Anycasting works by multicasting to all receiving hosts, and then having the first match transmit back. At least, that's the theory. It removes any need for centralized data stores, by using a peer-to-peer search and reply system.

Anycast isn't even supported by many IPv6 implementations, since it's hard to actually implement it. DNS is *more* important in IPv6 than IPv4, because the addresses are more of a pain to type. DNS is not going to go away...

The people who designed IPv6 opted, right from the start, to make it as automatic as possible. Administrators should not be burdened with assigning IP addresses, making sure there's no conflict, or running DHCP and similar carp.

Further, they anticipated an increasing use of portable devices, such as laptops and hand-helds, which made it important to have Mobile IP a part of the protocol.

The result was the complete absence of any notion of static IP addresses. Addresses are assigned at connection time, and last until either they're revoked by the owner, or they time out. Once they reach that point, they are marked as expiring. A new address is then generated. The host machine is required to then notify ALL machines connected to it or that it connects to that the address is changing, and what that new address is. The remote machines then have a certain length of time (it's not long) to change over. During the change-over, if the host has moved, the old IP addresses are forwarded by intermediate routers to the new location.

In theory, this means that IPv6 has not just 2^128 addresses, but also a TOTALLY dynamic topology. (Mapping the Internet'll suddenly become a whole lot more interesting!:)

In turn, this means that you can have wireless IP and multiple providers, move from one zone to another, and be guaranteed you'll remain connected.

Further, because addressing follows an enforced hierarchy, router tables will NEVER need more than enough addresses to go one layer up or one layer down. For 99.999% of providers, this will mean an entire 512 entries, tops. Compare this with the millions of entries a typical router handles. Forwarding lag will be carved, sliced, diced and roasted.

One of the big problems with IPv4 is the difficulty of routing. Given that there's a shortage of IP addresses, we can't let ISPs allocate large blocks, so they have to get several smaller blocks which results in several entries in routing tables. Worse, if an ISP's customer wants its own address allocation that it can take to another ISP or make accessible through multiple ISPs for redundancy, that makes another entry in the routing table. The result is that routing tables are huge and not always well optimised.

By making address allocation dynamic, IPv6 makes it possible to optimise address allocations for simplicity of routing. That should result in better routing decisions even as the number of addresses in use increases.

- dynamic IPv4 addresses, often used for dialup as you say, and hard to use for web serving

- IPv6 allocation of the bottom half of the IPv6 address (last 64 bits I think) - this is basically the MAC address of your Ethernet card (with some provisions to change this for privacy reasons). Not really dynamic unless you want it to change.

- IPv6 allocation of the top half of the address - this is derived from your ISP, and it is *very* easy to renumber your whole network (even thousands of machines) when you switch to a different ISP. This is crucial to make sure that the route to your machines doesn't need to be stored in core routing tables in the Internet, avoiding them growing too fast. Also not dynamic unless you want to change providers.

The first kind of dynamic allocation goes away completely. The MAC address type allocation is only dynamic if you want to preserve privacy, typically on a client. And the provider part allocation is slowly changing, over a number of days after you switch providers, with plenty of time for DNS servers to react.

The upshot of this is that static addresses are very common in IPv6 - you only have to change your address if you switch providers. A couple of points though:

- you might want to use a dynamic MAC address for outbound client requests, for privacy reasons, and a static IPv6 address (plus DNS name) for your web server (even on the same host, it's easy to have multiple addresses per interface)

- networks with two Internet connections, termed multi-homed, are still a big problem for core routing tables, since they incur one 'exception' route in the core routers. There's some work going on under the term PTOMAINE (a very tortured acronym) that should solve this in the next 5 years or so, 'ietf ptomaine' should find it.

I'd suspect it would depend on how much IP addresses cost, under IPv6. As it stands, if you want your own range (not a range delegated from your ISP), it's Not Cheap, and I recall you had to get 3 class C's (which struck me as really odd).

If the cost of an IPv6 block dwindles to about ten bucks a year per thousand (pulling numbers out of the air) then I suspect each ISP account would come with 16 or so addresses.

And man, would I like that. Ever try playing a DirectPlay game behind a NAT firewall? It's fine with one client and a bunch of blind portforwards, but you're on your own if you have two systems behind it that want to play. (admittedly, that's not IPv4's fault, it's that nobody knows how to read the stream to make an ip_masq_directplay as far as I know)

I looked up how much IPv6 addresses cost [arin.net] (at least in North America), and it's $2,500/year for a/35. Since each customer is supposed to get a/48, that's enough room for 8192 customers. That works out to about 30 cents per customer per year.

The article said that everybody on the planet could plug in millions of devices. This is somewhat untrue. With 128 bit addressing space, 10 BILLION people could plug in 34028236692093846346337460743.177 IPv6 devices each!

Write IP drivers that treat all devices which return an old IP address as being the old address followed by 96 zeroes. Treat all IP calls from legacy software the same way. Then when people update their drivers (or replace their NIC cards, whichever is less hassle for them), they just keep all IP settings exactly the same.

Actually, there is a standard in IPv6 for how to encode an IPv4 address as IPv6 (prepended zeros, not appended). Also, no one needs to replace a NIC. NICs talk Ethernet (typically), not IPv4 or IPv6, and the appropriate protocol is wrapped up in layers before it gets to the NIC.
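An added example, not from any poster in this thread, showing the two encodings the posts above contrast: the "append 96 zeros" idea and the standard IPv4-mapped form ::ffff:a.b.c.d (RFC 4291), together with the check a dual-stack server has to get right, since an IPv4 client arriving on a dual-stack IPv6 socket is presented to the application as a mapped address. The addresses are constructed documentation values and the code uses only Python's standard ipaddress module.

```python
import ipaddress

# Constructed sample values for this example (documentation ranges, not real hosts).
SAMPLE_V4 = "192.0.2.10"
V4_ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def v4_appended_zeros(v4: str) -> ipaddress.IPv6Address:
    """The encoding suggested in the thread: the 32 IPv4 bits followed by 96 zero bits.
    Not a standard form; no IPv6 stack will recognise it as carrying an IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(v4)) << 96)


def v4_mapped(v4: str) -> ipaddress.IPv6Address:
    """The standard IPv4-mapped form ::ffff:a.b.c.d: 80 zero bits, 16 one bits, then IPv4."""
    return ipaddress.IPv6Address("::ffff:" + v4)


def unmap(addr: str):
    """Strip the ::ffff: prefix when present, so an IPv4 client seen through a
    dual-stack socket is compared as the IPv4 address it really is."""
    a = ipaddress.ip_address(addr)
    if isinstance(a, ipaddress.IPv6Address) and a.ipv4_mapped is not None:
        return a.ipv4_mapped
    return a


def naive_allowed(addr: str, allowlist=V4_ALLOWLIST) -> bool:
    """ACL check that compares the address exactly as received.
    A mapped IPv4 client never matches an IPv4 network, so it is silently denied
    (or, for a deny list, silently let through)."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in allowlist)


def allowed(addr: str, allowlist=V4_ALLOWLIST) -> bool:
    """ACL check that unmaps first, so it behaves the same for v4, mapped v4 and v6 peers."""
    a = unmap(addr)
    return any(a in net for net in allowlist)


if __name__ == "__main__":
    print("appended zeros:", v4_appended_zeros(SAMPLE_V4))
    print("mapped:        ", v4_mapped(SAMPLE_V4))
    print("naive:", naive_allowed("::ffff:" + SAMPLE_V4), "unmapped:", allowed("::ffff:" + SAMPLE_V4))
```

The same unmapping step matters for deny lists, rate limiters and log correlation on any listener bound to :: without IPV6_V6ONLY.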

And there is no such thing as a NIC card, or for that matter a PIN number. Sigh. Sorry, it's just irritating.

I say that we won't have a networking protocol that provides more addresses than there are particles in the universe. I'm thinking that the number of addresses should be roughly the size of Graham's number. Then we will NEVER run out of addresses.

I think the best part of this article is the summary of the problem: it's chicken & egg in that IPv6 won't be implemented by the backbone people until customers want it, while customers don't want it until the services are there. It reminds me very much of the current problem with HDTV, in that viewers don't want to buy HDTV systems since there's little programming that takes advantage of it, while the stations don't want to go to HDTV since nobody in the audience has an HDTV. Of course, in this case, (We hope) government regulation will make the transition required. The switch to IPv6 is yet still only an informal agreement via the standards body and has no force of law yet to make it occur.

Of course, in this case, (We hope) government regulation will make the transition required.

I certainly don't hope that. I was all for HDTV at first, but since the vendors seem far more concerned with trying to destroy time and space-shifting than actually making a quality product at a reasonable price, I wouldn't mind at all if they went down in flames.

Hmm. So let me get this straight. You *want* HDTV to succeed? Even though they're currently busy making it so that you can never make copies of anything broadcast over it, even well within your fair use rights?

And you then want this backed up by law?

I'm sorry, but if anything is going to be succeeded by anything, making the government do it is not the right way. It's not even their job! Hopefully, what's going to happen is that the backbone providers will see IPv6 as a great technical or strategical boon and they will more or less (through hopefully non-bullying means) convince their customers to switch over.

*That* is how progress happens. Remember that "law" and "progress" are seldom used in the same sentence on purpose.

It appears that you are the one who has not fully grasped the entirety of the situation. I suppose it's not only 100% a matter of rights, but also a matter of ethics. Ever since the advent of VCRs, people have been able to time-shift their viewing in the name of convenience. It's commonplace. As such, most people consider it a fair-use right. Since the government is *supposed* to follow in the interests of the people, it *should* be a right by law. (De facto, I think they call it.)

For broadcasters to take that away from us while masquerading the action as an anti-piracy measure is not right, not ethical, and should be (in many people's minds, not just my own) considered illegal.

man, first of all, TV is FREE to watch because of advertising

As long as we are *forced* to watch the advertisements, TV is not free. The price does not always have to involve money. That aside, I would probably agree to having to watch advertisements if I could time-shift the program. But not if I had a choice.

As well, mandatory advertisement-watching disallowal of time-shifting would not be in the best interests of the industry either. (Take Napster for example. Is it any coincidence that CD sales have skyrocketed in the last few years? Maybe. But I doubt it.) I currently record Star Trek episodes during the week on my VCR for viewing on the weekend because I'm typically a rather busy person. So, if the government came along and mandated this new HDTV technology that prohibits time-shifting and skipping over advertisements, I am one of many types of TV viewers who would be severely impacted. I would probably not watch Star Trek any more. That means I would not even have the *chance* to view the very commercials that pay them to run the show.

And I might note that I do not consider time-shifting as "stealing." By your own admission, you apparently do. Who's the "fucking kid" again?

From what I understand, Linux and Windows NT have had IPv6 support for quite some time now. The bigger barrier to adoption is that router technology for IPv6 is not quite ready for primetime. When Cisco and Nortel get their act in gear, IPv6 should be up and running in the wild in no time.

CISCO has had an implementation for some time. So has 3COM, Bay, Telebit, and many others. It's ready for prime-time, alright.... Well, it would be, if they could agree on what protocol to use. The 6bone was a MESS, the last time I looked, with the only good protocol (a hierarchical version of RIP, from the looks of it) coming in last.

From what I understand, Linux and Windows NT have had IPv6 support for quite some time now.

The problem appears to be more subtle than that. The routers are mostly compliant, I wouldn't worry about it.

The smooth transition is going to require that everyone on the 'Net start to switch over. Even half-wit Windows-95 AOL-point-and-drool users.

Surely, we can release patches to the operating systems. And users can upgrade to new application programs which aren't crashing when they request a DNS lookup and get something longer than they expect.

But you know they won't.

As evidence, I submit to you the Code Red worm. You'd have to be living under a rock for the past two months to not know about it. Yet, I still get hit by infected machines. Follow the link in my .sig.

I haven't studied or attempted to deploy IPv6, but it will have to be backwards compatible with IPv4.

By contrast, RCA came up with an ingenious way of making a color signal ride on top of the existing North American black and white system. Old black and white TV sets were eventually replaced with color, but there was no great format change. You bought a color TV or a black and white set, and you weren't at the mercy of finding out whether or not there was still a black and white station in your area. People transitioned more gently and weren't put off by having their two-year-old oak-cabinet investment turned into a paperweight by moving out of a 405 line service area.

IPv6 will have to be deployed in the same way or adoption rates will wane.

You have to remember that the 405 line service started earlier than the US 525 line service.

405 line was first introduced in 1936, and temporarily shut down in 1939. During the war, the European countries were too busy to do anything, but by 1940 the US decided to standardize on 525 lines, not a huge amount above the British 405 line systems, but enough that in the mid sixties when colour was coming along, NTSC could be built on top of 525 lines, but no acceptable colouring system could be built on top of 405 lines.

However, with new TV stations broadcasting only in 625 lines, as soon as PAL came out, you could get monochrome PAL sets. Indeed, monochrome PAL was all that was available for many years. At that time, the tube & the colour decoding was the most expensive part, and by omitting those, you could make a cheaper set.

I doubt if anyone lost any investment in 405 line sets. 405 line was officially obsolete in 1964, when the first 625 line channel (BBC2) was introduced. There was never a 405 line BBC2 signal. Colour was introduced to BBC2 in 1967, but 405 line service continued on until 1985, 49 years of broadcasting.

OK, you have probably had both TV and color TV for a longer time in the US, but the price that you have to pay for that is a slightly lower quality picture with fewer lines and a color signal that is not always perfect.

Yes. Admittedly, PAL has more scanning lines.

But there's no magic to that. Nearly the same horizontal frequency, with a 50Hz vertical. The bandwidth of the video and RF circuits is nearly the same, so there's really no dramatic improvement in picture quality.

On the other hand, NTSC has 525 interlaced scanning lines, 60Hz vertical, a higher frame rate, and almost no perceivable flicker as a result.

Hey my dick is bigger than yours because I shaved off all my pubic hairs:)

Heh. And your girlfriend is a pedophile.;)

even 60Hz isn't acceptable, so now we have tv-sets that digitally enhance the image and give 100Hz

True. You don't see features like that in NTSC sets, though - the 60Hz vertical rate of NTSC means that set mfrs concentrate on other things - like 53" projection sets where the scan lines are 1/4" apart. Ugh.

IMHO American TV sucks, and it sucks hard, too many commercials and very bad picture quality, but mind you that was in 1992

Too many commercials, I agree. But that's not a technical issue. As for the picture quality, were you watching TV on NYC's cablesystem? [grin]

A good, clean NTSC signal is very nice. It's nothing compared to a VGA monitor, of course, but neither is PAL. I'm a videophile, I've worked as a broadcast technician, and NTSC's picture quality can be amazingly good.

and when is the us going to switch to hdtv ?

When Linux conquers the desktop, IIS users keep their webservers patched, and our home 'net connections are fiber optic with IPv6 addresses.

Maybe sooner. [sigh] It's the same chicken or egg issue which slows the IPv6 adoption.

Here in Canada, we're waiting for the US to take the lead. ER is now simulcast in HDTV, but until I point a big UHF Yagi at Buffalo NY and smuggle a receiver across the border, it does me no good.

Who would start the change, since nobody is "in charge" of IP out there. If DNS root server A upgraded, would everyone else follow? So far, everybody is watching everyone else, nobody is making the first move.

How about if AOL made a systemwide change, or ATT, Excite, and MCI all together?

ALL it would take is for one of those to change, and then to have IPv4/IPv6 gateways at the borders. The customers would then be using an IPv6 stack, and gaining all the benefits, REGARDLESS of whether the rest of the Internet ever switched over.

FURTHER, because they were using IPv6 stacks, companies would have an incentive to write IPv6 apps, which would pressure other ISPs into changing over, too.

How about a killer app? The problem is that right now if you start using ipv6 you are pretty much alone. Actually you might as well unplug your network cable, since you won't be able to do much useful stuff with it.

What is needed is ipv6 only services (e.g. mp3 peer2peer filesharing) AND an easy way to get an ipv6 number for your clients/servers that can coexist with your current ipv4 number (i.e. your computer has both an ipv4 and ipv6 number). The easy part is essential because that prevents that people start creating ipv4 gateways to such services (thus removing the need for getting an ipv6 number). There are plenty of ipv6 numbers available so getting and registering one should be made as easy as possible (something like a distributed, global dhcp server that would automatically get you one based on your mac address would come in handy). Come to think of it, why not just automatically convert those mac addresses into ipv6 numbers (mac addresses are supposed to be unique anyway but I'm not entirely sure this is a great idea)

As I understand it, ipv6 can be tunneled over existing ipv4 networks, so it shouldn't be a problem if some routers inbetween ipv6 hosts are ipv4 only.

This would cause the amount of client pc's with ipv6 numbers to gradually grow. Also since lots of PCs don't have static ipv4 numbers, the amount of servers on ipv6 would also grow. Eventually, there will be a critical mass of ipv6 servers and clients and the switch can be made.

Currently there are a lot of p2p applications in development. I imagine, implementing such stuff would be a lot easier using ipv6 with its improved features. Another killerapp could be streaming multimedia (you want to see this great movie, get yourself an ipv6 number now!!).
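An added example, not from any poster in this thread, covering two earlier points: the observation that the bottom 64 bits of an autoconfigured IPv6 address come from the Ethernet MAC and that the provider-assigned top bits can be renumbered wholesale, and the suggestion above of "just automatically converting MAC addresses into IPv6 numbers", which is what stateless autoconfiguration does. It assumes the /48 site, 16-bit subnet, 64-bit interface-identifier split; the prefixes are RFC 3849 documentation values and the MAC is made up. The identifier is the modified EUI-64 of RFC 4291 (ff:fe inserted, universal/local bit flipped), and the random alternative is the kind of temporary identifier privacy extensions (RFC 4941) use, because a MAC-derived identifier follows the host from network to network and makes it trackable.

```python
import ipaddress
import secrets

# Constructed sample values (documentation prefixes; the MAC address is invented).
SITE_PREFIX = "2001:db8:1::/48"
NEW_SITE_PREFIX = "2001:db8:ffff::/48"
SAMPLE_MAC = "00:1b:21:aa:bb:cc"


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC: insert ff:fe in the
    middle and invert the universal/local bit of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return int.from_bytes(iid, "big")


def temporary_interface_id() -> int:
    """Random 64-bit identifier of the kind privacy extensions use, with the
    universal/local bit (bit 57) cleared so it cannot pass for a real EUI-64."""
    return secrets.randbits(64) & ~(1 << 57)


def subnet_of(site: str, subnet_id: int) -> str:
    """Pick one of the 65536 /64 subnets inside a /48 site prefix."""
    net = ipaddress.IPv6Network(site)
    if net.prefixlen != 48 or not 0 <= subnet_id < 1 << 16:
        raise ValueError("expected a /48 site prefix and a 16-bit subnet id")
    return str(ipaddress.IPv6Network((int(net.network_address) | (subnet_id << 64), 64)))


def slaac_address(subnet: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 subnet prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(subnet)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & ((1 << 64) - 1)))


def renumber(hosts: dict, old_site: str, new_site: str) -> dict:
    """Move every host to a new /48: only the top 48 bits change, the subnet id and
    interface identifier are kept, so no host needs a new identity of its own."""
    old = ipaddress.IPv6Network(old_site)
    new = ipaddress.IPv6Network(new_site)
    if old.prefixlen != 48 or new.prefixlen != 48:
        raise ValueError("site prefixes must be /48")
    low80 = (1 << 80) - 1  # 16-bit subnet id + 64-bit interface identifier
    result = {}
    for name, addr in hosts.items():
        a = ipaddress.IPv6Address(addr)
        if a not in old:
            raise ValueError(f"{name} ({addr}) is not inside {old_site}")
        result[name] = ipaddress.IPv6Address(int(new.network_address) | (int(a) & low80))
    return result


if __name__ == "__main__":
    www = slaac_address(subnet_of(SITE_PREFIX, 2), eui64_interface_id(SAMPLE_MAC))
    print("stable (EUI-64):", www)
    print("temporary:      ", slaac_address(subnet_of(SITE_PREFIX, 2), temporary_interface_id()))
    print("after renumber: ", renumber({"www": str(www)}, SITE_PREFIX, NEW_SITE_PREFIX))
```

The stable and temporary identifiers can coexist on one interface, which is the "static address for the server, random address for outbound client traffic" arrangement mentioned earlier in the thread.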

The problem isn't getting an IPv6 node number. There's already a pre-defined IPv6 number range for IPv4 addresses. The problem is that there need to be IPv6 routing protocols for routers, and backbones that use them.

You're thinking about this completely wrong. What was it that made TCP/IP the 800 pound gorilla standard in the first place? The US Government, especially the military, standardized on it. What we need is to get the US Government to start requiring IPv6 in contracts.

No, you are thinking of the 64K barrier, not the 640K one. The 640K one was a DOS restriction. 64K was because of the 8088's 16-bit addressing. 640K was for no real good reason other than "it should be enough". While Bill G may have never said those exact words, his company okayed the philosophy behind them.

If noone can prove that it's unsafe to fly, we fly - - Pre-Challenger NASA mindset.
Doesn't seem too strange when you consider how unbelievably complicated and dangerous something like going into space is. If someone has proof (and a fix) for some deadly problem I can see them stopping, otherwise it's all just theoretical mumbo jumbo and we'd still be debating launching our first rocket. Even now space shuttle launches are risky, it's only a matter of time before someone else dies in them.

Jet fighters won't help us win the war, let's move those R&D funds elsewhere - Adolf Hitler, 1942
Almost certainly true. One of Hitler's problems was his belief in superweapons. Germany spent countless R&D dollars on wasted projects during the war that would have (in the end) been better spent on making Panthers more reliable and simply producing more of them. Jet fighters wouldn't be viable for several years after 1942, even if Hitler decided to spend massive R&D dollars on them. By the way, Germany DID build jet powered planes near the end of the war, but their effect was minimal (the war was already pretty much lost by that point).

Mp3? What's that? - RIAA, 1996
Shouldn't that be: MP3? Our existing copyright laws should cover that nicely, but just to be sure, let's go and buy some Congressmen.

Windows NT will be ready. Windows NT was the first network operating system to support IPv6, and also includes support for the next-generation MSIPv8, also known as Microsoft IP 2004. MSIPv8 enhances the usability and manageability of the Internet Protocol through versatile .NET services and intuitive Web-enabled application diversification.

We're living in a wired world, and Windows NT provides the computing tools that we need to do ebusiness, as well as iPlay. Remember, Microsoft Windows NT: it doesn't get any better than this!

Network Address Translation only provides one-way connectivity. It allows a system behind a NAT to establish connections from external sites and retrieve data.

What it *doesn't* allow is anyone out on the internet to go and connect to the machine behind the NAT, which is kinda essential for anything beyond web-browsing.

The internet is not just port 80. Many people treat it as such, and I hope they have fun. But don't delude yourself that you have a full internet connection, because you don't. You've just got a fancy TV with a few more channels.

NAT is a stop-gap measure at best. IPv6 is essential for allowing the internet to scale the way you want it to.

Think about it: it's not outrageous that MIT and similar institutions have class-A networks - it's outrageous that *you* don't. IPv6 can fix that.

Ask your ISP about their plans to upgrade to IPv6 - and what their IP allocation policy will be. If the ISP doesn't intend to give you lots of IPv6 addresses, start looking somewhere else.

Dynamic IP allocation sucks in the same way that NAT does. Many of the peer to peer projects nowadays, in order to keep functioning, have to build their own namespace and addressing structures just to work around it.

MIT's IP scheme has allowed them to build a by-the-books network. They use their IP scheme to make it really easy to figure out where a machine is by IP. For added fun, they don't use firewalls. In fact, MIT discourages firewalling. They recommend using real security, and recommend that you use Kerberos for everything... while not supporting Kerberos (in a useful manner) except on their UNIX machines.

For added fun, MIT gave an entire B-class (well, 1/256th of their A-class, not technically a B, but you understand) to each dormitory and each fraternity. MIT groups aren't starving for IPs, which is nice, but the rest of the Internet is.

You don't WANT a class A because you can't imagine what kinds of technologies you could use if you and everyone else did have one.

Also, Instant messaging doesn't work as well as you say. When people are behind NAT, an intermediary who isn't behind NAT is required. It solves the p2p issue by not being p2p. If you can figure out how to make two machines that are using NAT find each other without an intermediary, and with no advance knowledge held by the NAT devices can you please let the rest of us know how to do it.

If you can figure out how to make two machines that are using NAT find each other without an intermediary, and with no advance knowledge held by the NAT devices can you please let the rest of us know how to do it.

This has nothing to do with NAT. Say you move from the east coast US to the west coast. Would you rather update the routing tables for the entire country or update a single entry in a dns record? A single IP address with a fancy NAT setup could theoretically handle 32,000 computers each listening on a single port.

IPv6 makes things a lot easier, but it is by no means necessary. If I were creating an IP scheme I'd probably just use GPS coordinates. If you need to move the computer, use DNS or some other app level feature, possibly with a tunnel in the mean time. Routing tables become partitions in physical space. For better privacy, the GPS coordinates could be those of your upstream provider, and then some static/dynamic number tacked on to the end. You can already be tracked to your upstream provider, if you want more privacy than that you need to start tunnelling.

Say you move from the east coast US to the west coast. Would you rather update the routing tables for the entire country or update a single entry in a dns record?

That's a whole different (unrelated) problem. Of course it makes more sense to change a DNS record, that's how it works now. However, I thought we were talking about devices sharing an address...

A single IP address with a fancy NAT setup could theoretically handle 32,000 computers each listening on a single port.

A single IP address with each device that's behind it listening on a different port is possible, but unrealistic. First off, you broke one of the rules: with no advance knowledge held by the NAT devices. If the NAT device needs to be programmed with each new device added to the network then the device is screwed in the mass market. Most people aren't going to reprogram their router. Worse, NAT is being implemented by ISPs these days. People's ISPs definitely aren't going to reprogram their router to open a port every time you get a new device. Hell, you'd be lucky if you could get them on the phone in the first place. Then you have the problem of which device gets which port. For most applications, if they don't have a well known port then they're almost useless since you won't be able to find them. The problem could be solved by inventing some kind of automatic port allocation, and linking it to dynamically assigned DNS entries, but if every router would need to be changed to support that then you might as well just switch to IPv6 which is already implemented and solves more than one problem.

You were talking about peer to peer applications needing an intermediary. My point was that the entire internet is based upon using intermediaries

That's not an intermediary in the same sense. Once you look up the piece of information you need from DNS you're done with that connection. When you have two IM clients that are behind firewalls, they relay ALL the data through the intermediary. It is impossible for them to connect to each other directly ever. That's a lot different.

Are you familiar with SOCKS? The client requests a port to be listened on, and incoming connections to that port are tunnelled through to the client.

I'm sure you're aware of what happens when two machines behind the proxy request the same port. If it has to pick a different one, then how are the devices on the outside to know? What if it's this new DNS like server that conflicts? It'll have to be well known by the router or even implemented IN the router then. Now you're changing the router and you might as well go IPv6.

Which applications? Once again, if you have a lookup server (similar to a DNS server) acting as an intermediary, this isn't a problem

Like I said above, the DNS server isn't an intermediary in the sense that I meant. As for which applications, cat /etc/services next time you're on a *NIX box. If you don't have a *NIX box then just think about all the URL prefixes you've seen before the ':'. Those are well known ports. Those are the ones that exist now. As for the ones that exist in the future, if I knew what they were going to be I'd go create them and become very wealthy.

If the user on DSL wants to run a webserver, the user can get a static port forwarded.

You still haven't told me who is going to set up these forwards, and who is going to arbitrate them.

Not every router would need to be changed, only the router the DSL user is using.

Really? So how many DSL routers out there do you think are this intelligent? It's less than 10%. Most ISPs who do NAT do it on the other side of the DSL link. It's way cheaper to buy a nice NAT capable Cisco switch and a bunch of dumb DSL bridges than to give everyone a router. These ISPs are the same ones who are the roadblock to switching to IPv6, so do you think it's going to be any easier to get them to change to your new NAT-like scheme?

If the user on DSL wants to run a webserver, the user can get a static port forwarded.

Say you do come up with the perfect 'hack' over IPv4 to make IPv6 unnecessary. Why would you use the hack when there's this nice elegant new technology that is ready to be dropped into place? Whatever hack is used has to become universal if it is to be built into consumer devices, and that deployment would end up being just as expensive as deploying any other solution...

To what end do you need an outside device initiating a conversation with your fridge?

I wonder if I should stop and pick up some milk on the way home. I'll just telnet to my fridge to... Oh wait, the fridge is behind my firewall, and I can't get that information...

Having a fridge initiate an order is probably a bad idea, but of course one that someone trying to make some money off of the idea is going to try to get you to like. There are way more bad ideas out there than there are good ones. Being able to find out what's in your fridge while you're, say, at the grocery store seems like a good idea though. So, the ideas that we've thought of that can work with NAT aren't too appealing, but the ideas that don't work with NAT are the ones that are truly interesting. Score 1 for having non translated addresses.

It doesn't matter if most of the population can imagine new devices that would use these address. Only the people who invent them need this ability. They will not have this creative freedom without the addresses being there.

Not ALL network applications require two-way communication.

So by your logic no devices should be able to have communications initiated from either end?

I believe the APPLICATIONS will become smarter, bypassing the limitations of the network they're running on. In exactly the same way that games programmers overcame inherent limitations in the hardware by clever programming.

Certainly the applications become smarter, because they have to. But at the same time, the hardware must become smarter. In the game world, video cards have all become much more powerful and support a more consistent set of services than they used to, and game developers benefit from this. By the same token, right now developers have to write their way around NAT and proxies etc., but it can't and won't stay that way: the current Internet architecture is seriously limiting and doesn't even provide particularly good security.

That's where something like Mono/Passport is a good solution. Who you are is resolvable and reachable from ANYWHERE.

You're talking about a higher level of operation - directory services, essentially - that still requires an addressing and routing solution at a lower level. The point is that the current addressing and routing mechanism is already obsolete, most people just don't realize it yet because they don't understand what's under the hood.

Why not run the conversion like the 6bone has [6bone.net]? That is, start off with virtual IPv6 between IPv6 supporting sites over IPv4 links, and gradually shift to native IPv6 where possible as more and more of the intermediate "link" sites convert to IPv6? At some point, you switch over core routers one by one so that they're running virtual IPv4 over IPv6 transport, and switch out the last of the IPv4 hardware as it becomes obsolete.

Not that this necessarily provides an incentive for IPv4 users to switch, but IMHO, as a person that's not too knowledgeable about IPv6, I don't see why technically a migration has to be too difficult. Maybe you could make the incentive something like rewarding you with more IPv6 addresses as you move out of IPv4 space - that would definitely move big network operators along, at least.

I'm still not sure how to force a more equal global assignment of the dwindling IPv4 address space. It seems like if the IPv4 aficionados aren't careful, China will just switch to IPv6 immediately, and the rest of the world will get dragged along just so we can continue to communicate with that huge percentage of the human race.
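The 6bone approach described above, "virtual IPv6 over IPv4 links", is protocol-41 encapsulation: the whole IPv6 packet rides as the payload of an IPv4 packet between two tunnel endpoints. The following is an added example (not code from the poster or from the 6bone project) that builds and unwraps such a frame by hand, with constructed addresses from the documentation ranges. The `expected_peer` check is the part a practitioner should not skip: a tunnel endpoint that accepts protocol 41 from any source lets anyone on the IPv4 Internet inject IPv6 packets into the network behind it.

```python
import struct
import ipaddress

IPPROTO_IPV6 = 41  # IANA protocol number: IPv6 carried directly inside IPv4 ("6in4")


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over an IPv4 header. Over a header that already carries
    its checksum the result is 0, which is how verification works below."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes, hop_limit: int = 64) -> bytes:
    """Minimal IPv6 header (version 6, traffic class 0, flow label 0) followed by the payload."""
    header = struct.pack(
        "!IHBB16s16s",
        6 << 28, len(payload), next_header, hop_limit,
        ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed,
    )
    return header + payload


def encapsulate_6in4(outer_src: str, outer_dst: str, ipv6_packet: bytes, ttl: int = 64) -> bytes:
    """Wrap an IPv6 packet in an IPv4 header whose protocol field is 41."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(ipv6_packet), 0, 0, ttl, IPPROTO_IPV6, 0,
        ipaddress.IPv4Address(outer_src).packed, ipaddress.IPv4Address(outer_dst).packed,
    )
    # Checksum is computed with the checksum field zeroed, then patched in at bytes 10..11.
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + ipv6_packet


def decapsulate_6in4(frame: bytes, expected_peer: str) -> dict:
    """Unwrap a 6in4 frame, refusing anything not sent by the configured tunnel peer."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (frame[0] & 0x0F) * 4
    if ipv4_checksum(frame[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if frame[9] != IPPROTO_IPV6:
        raise ValueError("not protocol 41")
    outer_src = str(ipaddress.IPv4Address(frame[12:16]))
    if outer_src != expected_peer:
        # Anyone who can reach the public address can send protocol 41; only the peer is trusted.
        raise ValueError("6in4 frame from %s, not tunnel peer %s" % (outer_src, expected_peer))
    inner = frame[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    payload_len, next_header, hop_limit = struct.unpack("!HBB", inner[4:8])
    if len(inner) < 40 + payload_len:
        raise ValueError("truncated IPv6 payload")
    return {
        "outer_src": outer_src,
        "outer_dst": str(ipaddress.IPv4Address(frame[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "next_header": next_header,
        "hop_limit": hop_limit,
        "payload": inner[40:40 + payload_len],
    }


if __name__ == "__main__":
    # Constructed sample: 2001:db8::/32 and 192.0.2.0/24, 198.51.100.0/24 are documentation ranges.
    v6 = build_ipv6("2001:db8::1", "2001:db8::2", 59, b"hello")  # next header 59 = no next header
    frame = encapsulate_6in4("192.0.2.1", "198.51.100.1", v6)
    print(decapsulate_6in4(frame, expected_peer="192.0.2.1"))
```

A real endpoint (a Linux `sit` interface, for instance) does the same work in the kernel. Two points carry over: the peer check above is the only thing standing between an open protocol-41 listener and packet injection into the tunnelled network, and an IPv4-only firewall in front of the endpoint never looks at the inner IPv6 header, so filtering has to be applied again on the IPv6 side.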

A reward that would definitely make a big impact would be to offer Microsoft the first publicly available Class A block in IPv6. They would switch in about 3 seconds, and drag everyone else kicking and screaming along with. The whole of MSN would be on it, including Hotmail, and the .Net side of MS.

But the Chinese government might not really care about this, since they don't want their people to access the Net anyway, with all the political stuff and all.

Not that this necessarily provides an incentive for IPv4 users to switch, but IMHO, as a person that's not too knowledgeable about IPv6, I don't see why technically a migration has to be too difficult.

The problem with the 6bone is that it pretty much requires a static IP address to connect to, and more importantly, that there are no free service providers (that I know of) which allow you to run it through a firewall.

If you want to deploy ipv6 really fast just create a PPTP tunnel and a freenet. With the ability to get a static block of ipv6 addresses which work through a dynamic IPv4 (via PPTP), and IPSec (which is standard on ipv6), you can easily create a freenet-like system. The idea is that each of your forwarded connections go through a separate IPv6 tunnel.

Implement something like napster, provide an easy to use installer, and provide the 6bone tunnel, and IPv6 will be deployed in a matter of months. Plus you can probably escape a lawsuit since the only service you're providing is an IPv6 tunnel. Release the napster client part anonymously.

It's a nice idea but I have been trying to join the 6bone for absolutely ages now.

My upstream ISP (Demon Internet [demon.net]) is a participant in the 6bone network; so I e-mailed their 6bone contact and requested a small allocation of IPv6 addresses which I could use on my internal network (all Linux; therefore all capable of IPv4).

I received no response from them whatsoever after three separate e-mails. I *want* to switch away from IPv4, but my upstream ISP won't let me, while they are making out to the outside world that they are 'spearheading' the IPv6 revolution by announcing that they are a member of the 6bone.

Yes, I have considered applying to other 6bone networks, such as JANET [ja.net] and other UK ISPs, but my upstream ISP would have been ideal for my IPv4/IPv6 tunnel (zero routing overheads). Besides, it is a matter of principle.

Anybody running a 6bone site reading this care to comment ? - before you say it, yes, I fulfil the criteria for joining the 6bone (according to http://www.6bone.net/ [6bone.net] anyway).

Who has pushed for universal connectivity of most things to the Internet and why do they want it that way?

Is the Net reaching a growth limit because of the IP numbers being used for the benefit of the Net and efficiency in the transfer of information, or so New Yuckers can trade stocks on their cellphones?

Consider the NASDAQ, which has sold its soul to technological change. It expands its trading capacity every year. The sellers of trading tools anticipate this expansion, and the traders overload the system again every year, driving a further expansion.

We can get to longer and longer fingerprints for our digital devices, or we can decide to better allocate IPs. This decision is directly related to our decisions about what we eventually want the Internet to be for.

Do we want the Internet to be a marketplace, a teacher, a trainer? I would rather have limited resources allocated to training, skills enrichment, and exposure to art and culture, than to a thousand million Doom-playing boxes and gabby cellphones.

Think about it. Which places in a given city get services such as DSL first? Is that the best social choice, for both the city and the Internet?

Whenever I've thought about IPv6 and its "suggested applications", this is the first thought that's come to mind. The answer is clearly "no, I don't want the entire world to be able to connect to my fridge." But don't you imply that level of connectivity when you assign your fridge an IP address? Not necessarily. What we should see with the switch to IPv6 is a shift of focus from "addresses" to "routes". Let me explain:

Right now, particularly in the ISP world, packet destinations are very address-centric; each customer has one or two IP addresses, and if a packet arrives at those addresses, it is delivered to the customer, either directly or through a hub.

With the number of IP addresses available in IPv6, it would be silly for an ISP to only give you a few addresses, or even a few hundred addresses. Instead, they will give out entire class B networks, and (here's the key), simply route any packet addressed to that network over the customer's connection. Since you can't just stick several thousand devices on a lan, having a full-featured router in your home will be a requirement to sort out all the incoming packets.

Once there's a router in everyone's home, it's trivial to set them up as firewalls so that someone can't hack your fridge from the outside. Sure, your fridge can still initiate a connection to the supermarket and order more milk, and everything works with no NAT hackery, since the fridge has its own IP address within your subnet. Or, you could require authentication when connecting to the fridge from outside, but still be able to address it by its unique IP from anywhere.

So, the bottom line is: more IP addresses leads to required home routers, which are trivially set up as firewalls.

Yes you can. You're thinking of the IP Masq type of NATing, where the system dynamically looks for outgoing connections, and NATs them. Many systems allow static NATs to be defined, so that incoming connections are NATed as appropriate. If you connect to one port, you're NAT'd to one IP address/port. If you connect to another port, you're NAT'd to a different address/port. This is not theoretical, I do it right now every day, where we have about a dozen services distributed to different machines.
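The static mapping described in this comment, and the objection raised earlier in the thread about two internal machines wanting the same public port, are both small enough to model. Below is an added example (not code from any poster, and not how any particular router implements it) of a static port-forwarding table on one public address: inbound packets are rewritten to the internal host, replies are rewritten back, and a second host asking for an already-taken port gets a fallback port that nothing on the outside knows about. Addresses are constructed from the documentation ranges; `StaticNat` and `Packet` are names chosen for the example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Just the 4-tuple a NAT box rewrites; no payload needed for the demonstration."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNat:
    """One public address and a fixed table: public port -> (internal host, internal port)."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.forwards = {}  # public port -> (internal ip, internal port)
        self.reverse = {}   # (internal ip, internal port) -> public port

    def add_forward(self, public_port: int, internal_ip: str, internal_port: int) -> int:
        """Pin a public port to one internal service; refuse if the port is already taken."""
        if public_port in self.forwards:
            raise ValueError("public port %d already forwarded to %s:%d"
                             % ((public_port,) + self.forwards[public_port]))
        self.forwards[public_port] = (internal_ip, internal_port)
        self.reverse[(internal_ip, internal_port)] = public_port
        return public_port

    def allocate_forward(self, wanted_port: int, internal_ip: str, internal_port: int) -> int:
        """Like add_forward, but on a clash hand out the first free port at or above 1024.
        The caller gets the real port back; whoever is on the outside does not."""
        if wanted_port not in self.forwards:
            return self.add_forward(wanted_port, internal_ip, internal_port)
        for candidate in range(1024, 65536):
            if candidate not in self.forwards:
                return self.add_forward(candidate, internal_ip, internal_port)
        raise RuntimeError("no free public ports left")

    def inbound(self, pkt: Packet):
        """Translate a packet arriving from the Internet; None means it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.forwards.get(pkt.dst_port)
        if target is None:
            return None  # no static mapping: there is simply no way in
        return replace(pkt, dst_ip=target[0], dst_port=target[1])

    def outbound(self, pkt: Packet):
        """Rewrite a reply from a forwarded service so it leaves from the public address."""
        public_port = self.reverse.get((pkt.src_ip, pkt.src_port))
        if public_port is None:
            return None  # not a forwarded service; dynamic masquerading would handle it instead
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)


if __name__ == "__main__":
    nat = StaticNat("203.0.113.5")              # constructed public address
    nat.add_forward(80, "10.0.0.2", 80)          # web server
    nat.add_forward(25, "10.0.0.3", 25)          # mail server
    print(nat.inbound(Packet("198.51.100.7", 40000, "203.0.113.5", 80)))
    print(nat.inbound(Packet("198.51.100.7", 40000, "203.0.113.5", 443)))   # dropped
    print("second web server landed on port", nat.allocate_forward(80, "10.0.0.4", 80))
```

The allocation fallback is the crux of the earlier argument: the mapping works, but a client that expects the well-known port will never find the second server unless some directory outside the NAT box is told which port was chosen.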

I don't know about you, but I certainly want it. I want a single PDA that can do everything, and that's always connected. I want a big desktop computer that is the frontend for all the real work I'm going to do. I want my fridge connected so I can check what's in there from my PDA when I'm standing in a shop, I want my washing machine connected so I don't need to go home before I would know it's finished, and I want my car connected so I can lookup in maps, and download ogg vorbis files to the stereo.

And I'd be happy to pay for it.

What I'm worried about are the privacy issues. With all this being logged, things can go wrong. We need laws that say you're not allowed to record a lot of information. Strong privacy laws.
And that you own whatever information is recorded about you.

Do we want the Internet to be a marketplace, a teacher, a trainer? I would rather have limited resources allocated to training, skills enrichment, and exposure to art and culture, than to a thousand million Doom-playing boxes and gabby cellphones.

As I see it, one of the fundamental pillars of the web is that it is universal. It has to be all. It has to be a marketplace too, but we need to make sure it isn't only a marketplace, because if it becomes, it dies. Now, the web is part of the internet, so the internet must be universal too.

"For instance, do people really want a unique address for a refrigerator -- allowing hackers to spy on individual eating habits -- or order you a truckload of milk?"

Do not fear, Consumer/Citizen #238o47234-9. We have taken care of the threat of the evil hackers. We have applied Purchase::Courts in order to prosecute, convict & incarcerate [wired.com] Evil Hacker Units for crimes we think they'll commit in the future, preventing them from ever happening. We call this "time-shifted law enforcement".

Do not fear, Consumer Units. We will prevent Technology::IPV6 from being used to order too much Commodity::Milk.

We the Consumers of This Great Nation(tm) are delighted at the news you bring us, Shopper sllort. Indeed, it is gratifying that Crime(tm) was prevented by Our FBI(tm) in such an efficient manner, such that Shopper Bell can be Reformed(tm). While regrettable that Shopper Bell's Consumer Credit(tm) will be limited for a period of ten years due to his incarceration for Unapproved Speech(tm), it is important to the serenity of our Shopper's Paradise(tm) that such potentially dangerous Shoppers be detained and Reformed(tm) early in order to ensure their quick return and continued contribution to Our Consumer Economy(tm).

To ease the transition, engineers are developing ways for networks on v6 to talk with those still on v4. It'll be like running two separate Internets, with boxes in the middle to connect and translate seamlessly between the two.

great! if we are gonna effectively have two internets anyway, let's have the IPv6-based Net do away with the current DNS monopoly and let anyone register a TLD: .web, .sex, .JoeSchmoe, whatever. Open DNS is the way to go.

all someone would have to do is write a plugin for a browser that lets it seamlessly navigate IPv6 networks. But at the same time, also allow the user to choose from an open list of DNS servers at the same time. YOU choose your root! as it was intended to be.

"Stanford University and Massachusetts Institute of Technology each got a block of 16 million IP addresses -- more than what's available to latecomers, including the entire country of China"

someone was being greedy eh? Comeon folks, time to share..

Seriously though, the article does a good job at least trying to cover all the bases even if some of the arguments are weak. We all know that it's a big change and that it's going to take years to make the transition from 32 bit addressing to 128 bit addressing, but the people saying "why fix it if we don't have a problem?" had better get their heads out of their asses. It's just like standing in the street and saying "why should I buy a car when my horse and wagon works fine?".

I agree that some ideas are way over the top (tell me again why my toaster should be networked??) but with computers getting smaller and cheaper the number of networked devices will continue to grow. We need a new system that can handle assigning addresses to them all. It's going to take time, effort and money to switch everything over so get started and quit complaining.

If you want to have access to 20+ devices in your house while you're away, then giving each one an IP is ridiculous. You get a server for the house, and communicate with each of the devices through the server. The server has an IP address, the devices have names (or the standard internal network addresses, 192.168.0.x). You access the devices by name, using the server as a proxy. I'm sure somebody will come up with some XML based protocol for this if they haven't already.

Also, right now the world's population is about 6 billion, and 4 billion addresses are possible with IPv4. Based on everybody's estimates on the adoption rate of internet access, we still have a decade before we're screwed. So, take the time to get it right instead of screwing up everything at once.

No, seriously... your assumption that each person on the internet only needs one IP address is wrong. There are legitimate reasons why a person might need two IP addresses.

Do you have an internet connected PC at work?
Do you use only one OS, or two OS on one computer? Some people have two computers for that.
Do you use any applications that will not work under NAT without a server in the middle?

In my opinion, proposing that only individuals need IP addresses, and that they only need one is preposterous. There are more cases than I can think of or list here where a person might require more than one IP address.

You said nothing of anything except people using computers, and that there was enough for one ip address per connected internet user. I am arguing that even at that basic level you were (and are) wrong.

FTR, P2P is used (And always has been used) for more than Napster/Clones and IM. Anything that works without going via a server to find the end place is P2P.

Some mail clients still deliver mail this way by delivering directly to a domain's MX instead of to their local sendmail daemon. It's not some new thing.

If we stick with IPv4, the argument will be made that we are running out of IP address space. Residential Internet connections will switch over to NAT or PPPOE "to conserve valuable IP address space." When that occurs, it will break just about everything from peer-to-peer networking to home FTP and web servers.

So who would be in favor of that? Just the RIAA, MPAA, SPA (Software Publishers' Association), BSA (Business Software Alliance), and every other organization that believes that elimination of peer-to-peer and residential FTP and web servers would reduce piracy. ISPs would love it because servers on residential connections sometimes use an inordinate amount of bandwidth. Law enforcement would be happy because ISPs would have to process the packets, meaning that they had an easy way to monitor which user connected to which IP addresses. And ISPs could more easily perform content filtering if, say, Adobe's lawyers wrote a letter and said "IP address xxx.xxx.xxx.xxx has a downloadable program that decrypts our e-books. Please assure that your users cannot access that IP address."

The hardest part to change will be all of these new embedded devices that use IPv4 at some level. Not to mention all the cable modem and DSL routers and other misc equipment that does not update easily.

Try explaining to the average AOL user why his new net radio gizmo no longer works. Or why he has to replace his cable modem firewall when it works just fine.

And I am not going to even try and think about what IPv6 will look like once Microsoft gets their hands on it...

I say this article sucked.
Clueless hype is all that's out there these hot summer days. It's ridiculous. They did concede that IPv6 is inevitable, but they sure spent some time wringing hands over totally irrelevant crap at the same time. I saw that link on CNN earlier in the evening and didn't read it because I knew it would suck and only went back and read it because I saw the link here on /. and knew I could vent.
For those of us old enough to have gone ahead and got busy organizing networks here and there back when ICANN was getting started and you could just ask for net numbers --as I and many others did-- the problem is all too clear. The bureaucratic, financial and legal powers that became involved over the years totally twisted the original premise. If you want a frickin' number you get one. If you want a thousand, you get a thousand. They're just numbers. Deal with it.
But that's not what it turned into at all. Vast portions of those billions of IPv4 numbers don't go anywhere because network routing is a financial issue closely intertwined with a technical issue that few people outside of open source are familiar with.
It's irrelevant though because IPv6 is inevitable and this has already been covered in so many other ways.
And, to top it off, dynamic domain names make it all meta anyway. Yeah, I'm not crying about the way things are by any means but more numbers is such a rational idea. And why stop at IPv6, next step is get rid of this restrictive domain naming stuff. They've already started using Chinese characters at some domain registrars. So let's just name domains like long file names so we can use popular phrases! Shit, you don't think there will be a gold rush on that shit? There's a limited set of English phrases. You take that from an English major.

I saw that link on CNN earlier in the evening and didn't read it because I knew it would suck and only went back and read it because I saw the link here on /. and knew I could vent.

ditto

more numbers is such a rational idea

agreed

next step is get rid of this restricive domain naming stuff

Well, I think we have been selecting our own domains on the premise that shorter is better. You can't even get a three-letter .com domain anymore because they are all taken. Longer is not necessarily better when your customers have to type this.is.my.cool.domain.name.everyone.will.remember.com

For instance, do people really want a unique address for a refrigerator -- allowing hackers to spy on individual eating habits -- or order you a truckload of milk?

Wow, that kinda puts a new spin on the old too much milk problem from my Operating Systems class in school. Brings back bad memories.

(For those of you who don't know/remember this problem, it is an example of resource locking, needed in OS design. I would say all Computer Science/Engineering students take that class, at least they did at my university).

First off, my toaster, TV, shower, alarm clock, and bed do not need to have an IP address on the internet. 99.995% of all internet users do not need an actual IP address on the internet. Yes, we are getting close to using up all the Class C network numbers, but if many of the messed up ISPs and co-lo farms actually managed IPs better it would, quite possibly, become a self controlling problem. When I had my server on the internet I was given 8 IP addresses by my ISP. What the heck for? I asked for one, they said, "here! take 8!" so there's 7 IP addresses that are now unusable by others.
Now you might have the reason that you need to run dns, smtp, www, pop3, ftp, etc... on different machines... ok, you still don't need more than 1 Internet IP address. That's what your routing equipment is for, to manage IP addresses. They magically route that request from 127.0.0.1:80 to 10.12.1.2:80 and that 127.0.0.1:21 to 10.12.1.3:21

Do you really think that NAT is the solution for the future?? I believe that the right answer is for every electronic device to have routable addresses and apply packet filtering as appropriate. Then everyone can have their own /48 address space.

I want an IPV6 address. I'm going to run my internal home network on IPV6 and run a translator to make my IPV4 addresses translate to internal IPV6 ones. Where do I get a number space? I know the lower 8 bytes are supposed to be a MAC address, but what about the upper 8?
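Two of the questions in this thread, how an ISP hands a customer a whole prefix and routes it as a unit (the "/48 for everyone" and "route the whole network over the customer's connection" comments above), and how the upper and lower 64 bits of a host address are put together, fit in one added example. This is not code from any poster; it uses Python's standard `ipaddress` module and constructed values from the 2001:db8::/32 documentation range and a made-up MAC. The upper 64 bits are the /64 subnet the router advertises, carved out of the delegated prefix; the lower 64 bits, under stateless autoconfiguration, are the modified EUI-64 form of the MAC (the 48-bit MAC split in the middle, ff:fe inserted, and the universal/local bit flipped). The last function shows why that is a privacy problem: the MAC, and so the physical device, is recoverable from any address built this way, which is what the privacy-extension style of random interface identifiers exists to avoid.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 from a 48-bit MAC: split in the middle, insert ff:fe, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC must have six octets")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # the universal/local bit is inverted in the modified EUI-64 form
    return int.from_bytes(iid, "big")


def delegated_subnet(delegation: str, index: int) -> str:
    """Pick the index-th /64 out of the prefix the ISP routes to the customer (e.g. a /48)."""
    block = ipaddress.IPv6Network(delegation)
    if block.prefixlen > 64:
        raise ValueError("delegation must be /64 or shorter to carve /64 subnets from it")
    if not 0 <= index < 2 ** (64 - block.prefixlen):
        raise ValueError("subnet index out of range for this delegation")
    return str(ipaddress.IPv6Network((int(block.network_address) + (index << 64), 64)))


def slaac_address(subnet: str, mac: str) -> str:
    """Stateless autoconfiguration: the router's 64-bit prefix plus the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(subnet)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))


def mac_from_address(addr: str):
    """Recover the MAC if the low 64 bits are EUI-64 derived; None if they are not."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join("%02x" % o for o in octets)


def routed_to_customer(delegation: str, addr: str) -> bool:
    """The ISP's whole forwarding decision: is the destination inside the customer's prefix?"""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(delegation)


if __name__ == "__main__":
    delegation = "2001:db8:1::/48"               # constructed: what the ISP routes to one home
    fridge_lan = delegated_subnet(delegation, 5)  # the home router's fifth /64
    fridge = slaac_address(fridge_lan, "00:1b:21:3c:4d:5e")  # constructed MAC
    print(fridge_lan, fridge, mac_from_address(fridge), routed_to_customer(delegation, fridge))
```

A home router holding the /48 makes the same containment test as `routed_to_customer` for each of its own /64s; nothing about it requires the ISP to know what the devices are. What the ISP, or anyone who sees the address, can learn is the point of `mac_from_address`.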

...is not how IPv6 will deal with the increased addressing range, but how it will handle issues of security, and more importantly, WHO will control that security and will the specifications be OPEN?

The internet as it stands suffers because it is trust-based and there are all too many willing to abuse that trust. Many untrusting-internet ideas have been flown, and most of them involve more identity checking and awareness of the originators of packets. Would this "new" internet (I hate to use such an overused term but it seems appropriate) - would this "new" internet retain any opportunities for anonymity (and thus more secure freedom of speech), or will it be a case of "let's crack down on anonymity online because anyone who doesn't want the totally benign government to know who he is must be a terrorist or a child molester! Why do you want to be anonymous, do you have something to HIDE?"

A lot can be done towards preventing the latter if the specs for any new internet communications protocols are open or hopefully even GPL'd. Is this likely?

For the longest time all devices will require dual addresses (IPv4 and IPv6). DHCP is not capable of that feat. So now we either have a techie-guy(tm) deal with the customer or just silently piss off everyone at once. I.e. switch over from IPv4 to IPv6 at midnight on XX/xx/xx. Let all your users know this and send them links to the patches/files/wizards. After the switch those that have incompatible hardware are to be told to jump in a lake. Those with incompatible software are scolded for not upgrading when they were warned.

the switch will piss-off a huge block of users. and that's the price of progress..

I think the approved way to do this is for the client to try to DHCP to an IPv6 server. If it gets an answer from this, then it will get either just an IPv6 address, or both an IPv6 and an IPv4 address. If it does not get an answer, then it should try to DHCP to an IPv4 server, in which case it would get only an IPv4 address. The DHCP server would listen on only IPv4 (if it was an IPv4 version) or both IPv4 and IPv6 (if it was an IPv6 version). This way you get backwards compatibility for both old clients, and old servers.